Hello, Today i tried to do so, following by the value i saw in the UCF
xmlit looked like"generic.rawalert" I tried adding it to the JSON script
and for some reason, it just stopped the SA-IM from receiving incidents
the reason why i did that was beca...
Hello,I'm very frustrated with trying to connect SA-IM 10.5.x to Archer
SecOps 1.3I'm stuck on SA side which i have to add the relevant meta
keys to the SA-IM JSON Script that sits at
opt/rsa/im/scripts/core-alerts.jsI tried adding JSON lines for new...
I'm literally speechless,i didn't see this file and i literally
downloaded every SecOps 1.3 file that i could find (on this page that
you shared as well) I just investigated the whole thing to understand
the new UCF and SA alone, and i was only stuck...
Yep David you're totally rightBy the way I tested it and it worked which
is why i posted it so everyone can be sure 100% about the process Hope
you had a great meal with Leon, happy weekend !
So, support helped me with that (Archer support) basically you have to
edit : opt/rsa/im/scripts/normalize_core_alerts.jsand add lines such as
: category: Utils.stringValue(event.category), action:
Utils.stringValue(event.action), event_source:
Utils...
